lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CALCvwp79QoGy6jEwRiz-hyqB3cqZN2e8nfJ1v=cKmTSyN8mkMw@mail.gmail.com>
Date: Sat, 24 Sep 2011 07:49:19 +1000
From: GloW - XD <doomxd@...il.com>
To: Georgi Guninski <guninski@...inski.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: owning ubuntu apt-key net-update (maybe
 apt-get update related)

Aha, sounds like typical (unfortunately), the case of the 'sads' on Ubuntus
behalf.
 This is what unfortunately stops somany people from reporting, just that
BIT of acknowledgemnt, even just a thanks on theyre webpage, but instead
they people think "oh well, this guy has probably raped 5000 boxes then
given us this" , it must be the approach of some companies, or they have
very pathetic secteams, (in ubuntus cause, -no comment rofl).
anyhow thx for clearing that up.
cheers,
xd


On 24 September 2011 01:00, Georgi Guninski <guninski@...inski.com> wrote:

> On Fri, Sep 23, 2011 at 06:32:10AM +1000, GloW - XD wrote:
> > So, this is an exploit then ? Or just a broken package ? Some people
> would
> > simply not understand that,your very techy :P
> > Anyhow, making a small .sh file for the bug would be cool.. if there is a
> > bug to be had.
> > cheers
> >
> >
>
> hi GloW,
>
> the bug appears real to me. ubuntu released an advisory [1]
> and debian have a bug [2].
>
> ubuntu's advisory moderately hurt my narcissistic ego
> by not mentioning my humble name :(
>
> i suppose they have a corporate policy to give credit to "whores only"
> (this might be checked by examining which distros give credit
> and which write ``it was discovered'')
>
> as a minor boost to my narcissistic ego, ubuntu's advisory
> didn't contain CVE(R) ID :)
>
> next time ubuntu hurt my narcissistic ego, i will try the black market for
> the bug.
>
>
> [1]
> https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-September/001424.html
> [2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480
>
> --
> joro
>

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ